DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the
fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since
this application is eligible for continued examination under 37 CFR 1.114, and the fee
set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office
action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on
08/03/2004 has been entered.

Response to Arguments 

2. Applicant added new features to claims 1, 5 and 16 in the amendment
filed on 05/06/2004. Applicant's arguments with respect to these new features will be
answered in the following action.

3. In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the
pre-determined rules missing from the Kraenzel technique could be supported by the
teaching of Behera because both techniques optimize document access based on an
access control list.

Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claims 1 and 5 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains 
subject matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the application was filed, had possession of the claimed invention. 

As in claims 1 and 5, the claimed retrieving from the centralized database, an 
exception access rule including pre-established criteria; applying the exception access 
rule to the completed request for quick approval; and automatically approving access 
based on the exception access rule are not supported by the specification. 

Claim Rejections - 35 USC § 101

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

7. Claim 16 is rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

Claim 16 merely recites non-functional descriptive material. The claim recites a 
plurality of data elements absent any functional interrelationship to result in a data 
structure. The preamble recites "database" but fails to limit the claim to a tangibly
embodied version of the database. Additionally, applicants' use of "corresponding to"
throughout the claim raises a question as to what the data is, since the data itself which 
is referred to is not positively recited in the claim, merely something that "corresponds 
to" the various forms of data described. 

Claim Rejections - 35 USC § 103

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

9. Claims 1, 3 and 4 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kraenzel [USP 6,513,039] in view of Behera [USP 6,535,879].

Regarding claim 1, Kraenzel teaches a method for generating a profile of a
network user based on a user's access privileges stored in an access control list (ACL).
Profile generating systems is a client/server system having multiple users connected
over a network, wherein users may also be connected to one or more databases via the
network (Kraenzel, Col. 1, Lines 13-18). As shown in FIG. 1, a profile
compiling/updating object 32 may use the information received from user affinity
determining object 30 to generate a user profile (Kraenzel, Col. 2, Lines 65-67) as the
step of creating an electronic profile for a user within a centralized database. To prevent 
access to objects containing, for example, confidential or proprietary information, users 
may be assigned levels of access privileges. Access privileges may be, for example, 
read-only, edit, etc. Access privileges may be assigned by a system administrator and 
stored in an access control list or ACL (Kraenzel, Col. 1, Lines 18-26) as the step of
creating an ACL as an electronic profile for data within the centralized database. As shown 
in FIG. 3, a user accesses a requested object in a database at step 152. The user's 
access privileges for the object(s) requested is retrieved at step 154. Based on step 
154, step 156 determines whether the user's access privileges meet the minimum 
requirements set by the object administrator. If the user's access privileges meet the 
minimum requirements, step 158 retrieves the requested object and step 160 presents 
the object(s) to the user (Kraenzel, Col. 4, Lines 20-31). As seen, the procedure for
accessing a requested object as discussed as methodology is established for user access. 
In order to grant access to a requested object or making a decision with reference to the 
user access, access privileges in ACL and user profile are compared, and the procedure 
is processed as at step 156-158 to complete an evaluation based on the electronic profiles,
and operating methodology in response to a request from the user for access. Returning to
FIG. 3, step 156 determines if the user's access privileges do not meet the minimum
requirements set by a system administrator for that object(s), the user is denied access,
and step 162 prompts the user to complete a request for quick approval (Kraenzel, Col. 4,
Lines 31-35). Step 166 determines if additional privileges have been granted. If additional
privileges have been granted, the ACL is updated to retrieve and present the requested 
object to the user (Kraenzel, Col. 4, Lines 35-43). As seen, additional privilege as 
additional rule including pre-established criteria, determining the granting status of 
additional privilege indicates the step of applying the access rule to the completed request 
for quick approval, and granting the additional privilege indicates the step of approving 
automatically access based on the exception rule. Kraenzel does not explicitly teach the 
additional privilege is retrieved from the centralized database, pre-determined rules are 
established in addition with methodology as discussed above, and the evaluation based on 
pre-determined rules. However, step 154 of FIG. 3 teaches that access privileges have to 
be retrieved from the database (Col. 4, Lines 25-26). Thus, additional privilege, 
obviously, has to be retrieved from the database also. Behera teaches a method to control 
access via properties system by providing ACL rules based on the properties 
associated with the entries (Behera, Col. 1, line 64-Col. 2, line 5). Behera further 
discloses the step of establishing pre-determined rules (Behera, Col. 4, Lines 25-54) and
evaluating the pre-determined rules to grant access to a user (Behera, Col. 6, Lines 13-16).
Therefore, it would have been obvious for one of ordinary skill in the art at the time
the invention was made to modify the Kraenzel method by applying the access rules to 
the ACL as taught by Behera in order to grant access to a user or a group to a particular 
attribute object in the database. 

Regarding claim 3, Kraenzel and Behera, in combination, teach all of the claimed
subject matter as discussed above with respect to claim 1, Kraenzel further discloses
the step of creating data profiles based on at least one of Data Elements, Data Tags, Rules of 
Access, an Approver's Name for Each Rule of Access, Rules of Exclusion, an Exception List, 
and Field Tags (Kraenzel, Col. 1, lines 13-26).

Regarding claim 4, Kraenzel and Behera, in combination, teach all of the claimed 
subject matter as discussed above with respect to claim 3, Behera further discloses the 
step of establishing pre-determined rules in the centralized database based on at least one of 
Rule Based Access guidelines, Group Based Access guidelines, Search & Subscribe Utilities
guidelines, Active Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and
Access Audits guidelines; and establishing methodology to ensure timely and accurate
decision making based on criteria established by the management (Behera, Col. 4, lines 26-55).

10. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kraenzel [USP 6,513,039] in view of Behera [USP 6,535,879], CERN 
[Administrative Information Services, Oracle HR] and Lillibridge [USP 6,195,698 
B1]. 

Regarding claim 2, Kraenzel and Behera, in combination, teach all of the claimed 
subject matter as discussed above with respect to claim 1, but fails to disclose the step
of creating an electronic profile based on information available from at least one of an OHR
Application and an RFCA Application, CERN teaches an OHR application and Lillibridge 
teaches an RFCA Application (Lillibridge, Col. 8, lines 35-46). Therefore, it would have 
been obvious for one of ordinary skill in the art at the time the invention was made to 
modify the Kraenzel and Behera method by using information from OHR Application 
and RFCA Application to build the electronic profile in order to distribute object to a user 
or a group via IP address. 

11. Claims 5-14 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kraenzel [USP 6,513,039]. 

Regarding claim 5, Kraenzel teaches a method for managing a user profile
(Kraenzel, Abstract), wherein user profiles and objects are stored in one or more
databases (Col. 2, Lines 50-56). Profile generating systems is a client/server system
having multiple users connected over a network, wherein users may also be connected
to one or more databases via the network (Kraenzel, Col. 1, lines 13-18). As illustrated
at FIG. 2, profile system 14 may use a data-mining technique to generate a user profile 
(Kraenzel, Col. 3, Lines 45-46). Profile system 14 includes a plurality of modules, such 
as ACL accessing object, access-determining object, topic-determining object, for
generating a user profile (Kraenzel, Col. 3, Lines 1-15). A generated user profile is used 
to determine the objects accessible by a particular user (Kraenzel, Col. 4, Lines 20-31). 
As seen, profile system 14 with a plurality of modules for generating a user profile to 
determine the objects accessible by a particular user, who does not have the right to
access the objects before the process of generating his/her profile as provided 
capabilities for a user to request access to information that the user currently does not have 
access to. The modules as discussed above will go over each condition of the requested 
profile to determine accessible objects, such as which objects the user has been given 
access privileges, what subject matter could be accessible, what privileges a user has 
for that object, for example, read-only, manager, to determine access right (Kraenzel, 
Col. 3, Lines 1-10). As seen, the module as a tracking component coupled to the 
database as centralized interactive database goes over each condition of requested 
profile for determining accessible objects. In other words, the technique as discussed 
performs the claimed tracking a status of the request using a tracking component coupled to 
the centralized interactive database. Those conditions will be determined by using access 
control list (Kraenzel, Col. 3, Lines 43-58) as the step of obtaining a decision from an 
owner of the data requested, and thereafter is the step of adding at least one of a rule and 
the user to the database, if the decision is access approval (Kraenzel, Col. 3, Line 66-Col. 4,
Line 15). As illustrated at FIG. 3, step 156 determines if the user's access privileges do
not meet the minimum requirements set by a system administrator for that object(s), the
user is denied access, and step 162 prompts the user to complete a request for quick approval
(Kraenzel, Col. 4, Lines 31-35). Step 166 determines if additional privileges have been
granted. If additional privileges have been granted, the ACL is updated to retrieve and 
present the requested object to the user (Kraenzel, Col. 4, Lines 35-43). As seen, 
additional privilege as additional rule including pre-established criteria, determining the 
granting status of additional privilege indicates the step of applying the access rule to the
completed request for quick approval, and granting the additional privilege indicates the 
step of approving automatically access based on the exception rule. Kraenzel does not 
explicitly teach the step of notifying the user of the decision if the decision is access 
approval when generating a user profile. However, as illustrated at FIG. 2, after the 
process of determining accessible objects, user privileges and adding rule to a user 
profile from 104 to 110, the user profile is compiled and presented to the user at steps
112 and 114. Obviously, by presenting the profile to the user, the compiled profile
implied an access approval notification. In addition, Kraenzel teaches the technique of 
access denied notification at step 164 of FIG. 3. Therefore, it would have been obvious 
for one of ordinary skill in the art at the time the invention was made to include a 
notification message to indicate an approval decision in order to confirm a user access 
right before presenting the profile to a user. 

Regarding claim 6, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of obtaining at least 
one of an approval decision and a disapproval decision (Kraenzel, Col. 4, lines 20-43). 

Regarding claim 7, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of reviewing and 
auditing the user access (Kraenzel, Col. 4, lines 20-43). 

Regarding claim 8, Kraenzel teaches all the claim subject matters as discussed
above with respect to claim 5, Kraenzel further discloses the step of creating a consistent 
security model that includes centralized administration of security of the system and uses 
single user profile and privilege for accessing different applications (Col. 3, lines 1-15; Col.
4, lines 20-43).

Regarding claim 9, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of creating user 
profiles; providing access control to data associated with user profiles; defining permissions 
based on a user identifier associated with user profiles; and developing a specification for user 
interfaces (Kraenzel, Col. 3, line 1-Col. 4, line 13). 

Regarding claim 10, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step providing 
administration of a common security model for access control and event notification 
(Kraenzel, FIG. 3). 

Regarding claim 11, Kraenzel teaches all the claim subject matters as discussed
above with respect to claim 5, Kraenzel further discloses the step of updating profiles 
automatically on at least one of a pre-determined timed interval and a change in organization 
hierarchy (Kraenzel, Col. 3, lines 33-42). 

Regarding claim 12, Kraenzel teaches all the claim subject matters as discussed
above with respect to claim 5, Kraenzel does not explicitly teach the step of updating 
profiles automatically when a user transfers departments. However, as disclosed by 
Kraenzel, profile system 14 may automatically update a user's profile by periodically 
checking the ACL of the network. This may be performed on a routine basis, or on a 
random basis, when requested by a system administrator, or at various other instances. 
System 14 may also use the above process for updating a user profile by simply adding 
supplemental information to the user profile (Kraenzel, Col. 3, lines 33-42). Thus, when 
a user transfers departments, system administrator updates the ACL, and user profile 
will be updated automatically. Therefore, it would have been obvious for one of ordinary 
skill in the art at the time the invention was made to modify the Kraenzel and Stockwell 
method by including the step of updating profiles when a user transfers department in 
order to control access to a database. 

Regarding claim 13, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of generating access list 
reports that identify accessible and non-accessible data and restrictions for access (Kraenzel, 
Col. 1, lines 20-26 and Col. 2, lines 12-16). 

Regarding claim 14, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of retrieving 
information from the centralized database in response to a specific inquiry from an
administrator (Kraenzel, Col. 4, lines 20-43). 

12. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Kraenzel [USP 6,513,039] in view of Stockwell et al. [USP 5,950,195]. 

Regarding claim 15, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel fails to teach the client system and the server 
system are connected via a network and wherein the network is one of a wide area network, a
local area network, an intranet and the Internet, Stockwell discloses the client system and
the server system are connected via a network and wherein the network is one of a wide area
network, a local area network, an intranet and the Internet (Stockwell, Col. 4, lines 21-28).
Therefore, it would have been obvious for one of ordinary skill in the art at the time the 
invention was made to modify the Kraenzel method by including a network in order to 
process the method for the remote users. 

13. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Behera [USP 6,535,879] in view of Kraenzel [USP 6,513,039 B1]. 

Regarding claim 16, Behera teaches a LDAP as a database configured to be
protected from access by using Access Control List or ACL. The Directory Server 
Administrator creates basic ACL rules that grant specific users access to certain 
information in the directory (Behera, Col. 3, lines 9-37). Behera further discloses the
ACL rules that comprises a group based access guidelines based on the attributes to 
set up the rule (Behera, Col. 4, lines 42-44) as data corresponding to pre-established 
criteria developed from access rules and criteria including at least one of Rule Based Access 
guidelines, Group Based Access guidelines, Search & Subscribe Utilities guidelines, Active
Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and Access Audits
guidelines. As in Behera, Col. 4, Lines 40-41, in order to allow access to a specific user, 
user name and access privileges such as read, write are used 
ACL: (list of attrs) (allow(read) user= "prasanta") 

As seen, a user can retrieve data in the database corresponding to the read 
applications, the read application is cross-referenced against an access privilege (read) 
as unique identifiers, and user name as data corresponding user that cross-references 
user name against "prasanta" as unique identifier. In other words, the technique as 
discussed indicates data corresponding to applications, including system administrator
defined attributes that cross-references the applications profile data against unique identifiers; 
data corresponding to users that includes a user's organization and citizenship that cross- 
references the users profile data against unique identifiers. Although the directory server 
matches the desired attributes within the specified attribute fieldname with the user's 
attributes for allowing access to the directory entry only if the user has the desired 
attribute values. Behera fails to teach data corresponding to pre-determined rules and 
methodologies that facilitates accurate user access-decision making, Kraenzel teaches a 
method for generating a profile of a network user based on a user's access privileges 
stored in an access control list (ACL). Profile generating systems is a client/server
system having multiple users connected over a network, wherein users may also be 
connected to one or more databases via the network (Kraenzel, Col. 1, lines 13-18). As 
shown in FIG. 3, a user accesses a requested object in a database at step 152. The 
user's access privileges for the object(s) requested is retrieved at step 154. Based on 
step 154, step 156 determines whether the user's access privileges meet the minimum 
requirements set by the object administrator. If the user's access privileges meet the 
minimum requirements, step 158 retrieves the requested object and step 160 presents 
the object(s) to the user. If, however, step 156 determines that the user's access 
privileges do not meet the minimum requirements set by a system administrator for that 
object(s), step 162 determines whether the user has requested additional privileges 
from the system administrator. If additional privileges have not been requested, step 
164 notifies the user that access has been denied. Otherwise, step 166 determines if 
additional privileges have been granted. If additional privileges have been granted, step 
168 updates the ACL and may proceed to retrieve and present the requested object 
using steps 158 and 160 respectively. If step 166 determines that additional privileges 
have not been granted, the user may be notified that access has been denied using 
step 164 (Kraenzel, Col. 4, lines 20-43). As seen, the procedure for accessing a 
requested object of FIG. 3 as predetermined rules and methodologies that facilitates 
accurate user access-decision making. Therefore, it would have been obvious for one of 
ordinary skill in the art at the time the invention was made to modify the Behera 
technique by using the method of access as taught by Kraenzel in order to process an
access request of a user. 



14. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to HUNG Q PHAM whose telephone number is
571-272-4040. The examiner can normally be reached on Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, JOHN E BREENE can be reached on 571-272-4107. The fax phone 
number for the organization where this application or proceeding is assigned is
703-872-9306.

15. Information regarding the status of an application may be obtained from
the Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Examiner Hung Pham
November 29, 2004 




